Privacy Policy
Last updated: June 1, 2026
tastd ("we", "our", or "us") is committed to protecting your privacy. This policy explains what data we collect, how we use it, who we share it with, and what your rights are.
tastd is operated by Hugo Vangay (sole proprietor, Paris, France). See our legal notice for more details.
1. Data we collect
Identity & profile
- First and last name — provided via Sign In with Apple or Google Sign In at signup.
- Email address — used for authentication.
- Username, bio, city, country, profile photo — provided voluntarily during onboarding or in Settings.
- User ID — a unique UUID assigned to your account.
Location
- Real-time GPS position — used only to display the map, compute distances to places, and unlock proximity-based stamping. Never stored on our servers.
- Coordinates of stamped places — when you stamp a place, the place's coordinates (not yours) are recorded with your stamp.
Content you publish
- Stamps — places you mark as visited, with date, text note, photos, recommendations, and optional tags.
- Collections — lists of places you create (public or private), with optional cover photo.
- Likes, saves, follows — social actions (liking a post, saving a place, following another user).
- Photos — stored on Supabase servers (EU Ireland region) and accessible via public HTTPS URL.
Push notifications
- APNs token — a unique identifier generated by Apple for your device, used to send you push notifications (new followers, likes, mentions, follow requests). Automatically deleted if Apple rejects the token as expired.
Contact matching
- If you enable "Find my friends", we compute a SHA-256 hash locally on your device of each phone number and email in your address book (after normalization). Only these hashes are sent to our servers, never the raw numbers or emails.
- Hashes are compared with those of other tastd users to suggest friends already on the app. No match = no contact stored.
- You can delete the hashes at any time from Settings.
Speech recognition
- If you use the mic button to dictate a note or recommendation, your voice is sent to Apple Speech Recognition for transcription. Apple may retain recordings according to its own policy. tastd never stores the raw audio, only the transcribed text you confirm.
Usage metrics
- Pseudonymized device ID — generated by Amplitude to distinguish sessions.
- Anonymized events — screens viewed, taps on main actions, session duration, app version, iPhone model, OS. No personally identifiable data is associated with these events.
- You can disable analytics tracking in Settings → Notifications → analytics.
2. How we use your data
- Authenticate your account and customize your profile.
- Display the map, your progression, and your stamped places.
- Compute the distance between your position and displayed places.
- Send you relevant push notifications (a friend follows you, a like on your post, etc.).
- Broadcast real-time updates via Supabase Realtime (a new post from someone you follow appears instantly).
- Suggest friends through hashed contact matching.
- Moderate content (reports, blocks) to maintain a healthy community.
- Anonymously analyze usage to improve the app.
We never sell your data. We do not use it for third-party advertising.
3. Third-party services
tastd uses the following providers, each with their own privacy policy:
- Supabase (USA / EU Ireland servers) — database, authentication, photo storage, real-time notifications.
- Apple — Sign In with Apple, Apple Push Notification service (APNs), Apple Speech Recognition, distribution via the App Store.
- Google — Sign In with Google and Google Places API (place information, photos, search).
- Mapbox — map display and geocoding.
- Amplitude (EU region) — product analytics, pseudonymized data.
4. Private account, blocking, and moderation
You can set your account to private in Settings → Privacy. In that case:
- Only users you approve can see your stamps and collections.
- New follow requests go through a queue you validate.
You can block another user (their content disappears for you and vice versa) and report any inappropriate content via the "Report" button. Reports are reviewed manually by our team.
5. Data retention
- While your account is active: data retained for the proper functioning of the service.
- Account deletion: all your personal data (profile, stamps, posts, photos, private collections, contact hashes, push tokens) is erased within 30 days.
- Data retained after deletion: only content you have shared and that has been picked up by others (comments on public posts, contributions to collaborative collections) — this content becomes anonymous but remains visible.
- Technical logs: retained 90 days for security and debugging.
6. Your rights (GDPR)
You have the following rights:
- Access — obtain a copy of the data we hold about you.
- Rectification — correct inaccurate data.
- Erasure — delete your account directly from Settings → Delete my account, or request it from us.
- Portability — receive your data in a machine-readable format.
- Objection — object to the processing of your data.
- Complaint to the CNIL (French data protection authority) or your local DPA.
To exercise these rights, write to support@tastdapp.com. We respond within 30 days.
7. Security
Communications between the app and our servers are encrypted via HTTPS (TLS 1.3). Passwords are never stored in plain text (authentication uses Apple/Google or bcrypt hashes on the Supabase side). Supabase Row Level Security policies ensure a user can only access their own private data plus legitimate public content.
8. Protection of minors
tastd is not intended for children under 13. We do not knowingly collect data about children. If you believe we have collected data about a child, write to support@tastdapp.com for immediate deletion.
9. International transfers
Our Supabase and Amplitude servers are in the European Union (Ireland). Some services (Apple, Google, Mapbox) may process data in the United States under the EU-US Data Privacy Framework, ensuring an adequate level of protection.
10. Changes
We may update this policy. Significant changes will be notified via push notification or in-app message, and the update date at the top of this page will be modified.
11. Contact
For any question about this policy, your personal data, or the exercise of your rights:
support@tastdapp.com